Fri, 10 Apr 2026 00:42:31 +0000 https://bugs.horde.org/ticket/8552 It's possible to inject javascript on Kronolith When a new event is created, it's possible to inject javascript (at least in the Title field) Fri, 04 Sep 2009 16:44:46 +0000 https://bugs.horde.org/ticket/8552#t55662 Changes have been made in Git for this ticket: Element.update() and Element.insert() don't escape content and eval scripts automatically. Escape any plain text being inserted (Bug #8552). http://git.horde.org/diff.php/kronolith/js/kronolith.js?rt=horde-git&r1=fabc16d8ac224bbcf5fbe2f5ff4ac26af563d69c&r2=62b96aed490816b1f2a5c7334ab21bb324455df9 Wed, 13 Jan 2010 00:11:03 +0000 https://bugs.horde.org/ticket/8552#t57608